(57) Abstract

In a mobile, wireless telecommunications network, communications relating to a mobile terminal can be protected during a handover of the mobile terminal from a first access point to a second access point. This may be accomplished by transmitting a security token from the first access point to the mobile terminal, and then from the mobile terminal to the second access point, over the radio interface. Thereafter, the security token is transmitted from the first access point to the second access point through the fixed network to which both the first and the second access points are connected. The communications link between the mobile terminal and the second access point needed to achieve secure handover is then established only if the second access point determines that the security token received from the mobile terminal matches the security token received from the first access point.
A METHOD FOR SECURE HANDOVER

FIELD OF THE INVENTION 

The present invention relates to the field of telecommunications. More 
particularly, the present invention relates to the field of wireless, mobile 
telecommunications. 

BACKGROUND 

FIG. 1 illustrates an exemplary wireless network 100, such as a wireless local area network. As shown, the wireless network 100 includes a fixed network portion 105, wherein the fixed network portion 105 typically includes transmission equipment that communicates with various systems (not shown) that are external to the wireless network 100, such as a public switched telephone network and/or the Internet. The fixed network portion 105 is further connected to a number of fixed radio stations known as base stations or access points, for example, access points AP1 and AP2. Each of the access points, in turn, is capable of communicating with one or more mobile terminals, such as mobile terminal MT, over a radio (i.e., wireless) interface.

Further with regard to FIG. 1, each of the access points AP1 and AP2 primarily communicates with a mobile terminal in a corresponding cell C1 and C2, respectively. Moreover, it will be understood that a mobile terminal MT communicating through an access point AP1 is generally located within the cell C1 corresponding to the access point AP1. However, as the mobile terminal MT moves away from access point AP1, as indicated by the arrow 110, toward another access point, for example AP2 and its corresponding cell C2, the signal quality associated with the communication link between the mobile terminal MT and the access point AP1 tends to decrease. If the mobile terminal MT continues to move away from the access point AP1, and the signal quality associated with the communication link between the mobile terminal MT and the access point AP1 continues to deteriorate, the communications link will in all likelihood be lost if the connection is not passed off or transferred from the access point AP1 to another access point, such as access point AP2. The process of passing off or transferring the connection from AP1 to AP2 is known as handover or, alternatively, handoff.

During handover, the communications link of the mobile terminal is highly susceptible to intruders, that is, entities that wish to hijack or simply disrupt the communications link. For instance, an intruding device can, during a handover, present itself to the new access point (i.e., the access point to which the mobile terminal is attempting to establish a communications link). If the new access point accepts the intruding device as the mobile terminal, the access point may begin transmitting information to the intruder that is intended for the mobile terminal.

Although providing security for communications between a mobile terminal and one or more access points at all times is an important concern, providing a method and/or system that does so particularly during handover would be highly desirable.



SUMMARY

The present invention is of particular relevance to mobile telecommunications networks, wherein mobile terminals undergo handover from one radio station (i.e., access point) to another as they move from one cell to another within the telecommunications network. More particularly, the present invention involves protecting communications associated with a mobile terminal against unauthorised intrusion when the mobile terminal undergoes a handover from one access point to another.

In accordance with one aspect of the present invention, a method and/or a telecommunications network is provided for achieving secure handover of a mobile terminal from a first access point to a second access point, wherein the first access point and the second access point are physically connected through a fixed network. The method and/or network involves transmitting a security token from the first access point to the mobile terminal, and then from the mobile terminal to the second access point, over a radio interface. The security token is then transmitted from the first access point to the second access point through the fixed network. A communications link is then established between the mobile terminal and the second access point, to achieve secure handover, if the second access point determines that the security token received from the mobile terminal matches the security token received from the first access point.

In accordance with another aspect of the present invention, a method and/or a telecommunications network is provided for achieving secure handover of a mobile terminal from a first access point to a second access point. The method and/or network involves transmitting a first message from the first access point to the mobile terminal over a radio interface, the first message containing an encrypted security token and a hash code. Then, in the mobile terminal, the encrypted security token is deciphered using an encryption key that is shared by the mobile terminal and the first access point. The mobile terminal then re-encrypts the security token using an encryption key that it shares with the second access point. Thereafter, a second message is transmitted from the mobile terminal to the second access point, this second message containing the re-encrypted security token and the hash code. The second access point then deciphers the re-encrypted security token using the encryption key that it shares with the mobile terminal. Finally, a communications link is established between the mobile terminal and the second access point, to achieve secure handover, if the second access point authenticates the mobile terminal based on the deciphered security token and the hash code.
BRIEF DESCRIPTION OF THE DRAWINGS

The objects and advantages of the invention will be understood by reading the following detailed description in conjunction with the drawings, in which:

FIG. 1 illustrates an exemplary mobile, wireless telecommunications network;

FIG. 2 illustrates a first embodiment of the present invention;

FIG. 3 illustrates a second embodiment of the present invention;

FIG. 4 illustrates a third embodiment of the present invention; and

FIG. 5 illustrates a fourth embodiment of the present invention.



DETAILED DESCRIPTION

FIG. 2 illustrates a technique for securing communications for a mobile terminal MT during a handover procedure from a first access point (e.g., AP_OLD) to a second access point (e.g., AP_NEW), in accordance with a first exemplary embodiment of the present invention. As shown in FIG. 2, AP_OLD sends the mobile terminal MT, before the communications link between the mobile terminal MT and AP_OLD is disconnected, a message (1) containing a security token (S/TOKEN). In this first exemplary embodiment the security token may be any sequence of characters, such as a randomly generated number sequence that an intruder cannot predict. Then, prior to the establishment of a communications link between the mobile terminal MT and AP_NEW, the mobile terminal MT transmits a message (2) to AP_NEW, wherein the message (2) contains the security token provided by AP_OLD and one or more mobile identity codes. Upon receiving the message (2) from the mobile terminal MT, AP_NEW sends a message (3) to AP_OLD via the fixed network. This message (3) contains a security token request (S/TOKEN/R) as well as one or more of the mobile identity codes provided by the mobile terminal MT. In response, AP_OLD transmits to AP_NEW a message (4), which contains the security token that AP_OLD also provided to the mobile terminal MT in the message (1).
Further in accordance with the first exemplary embodiment of the present invention, AP_NEW now attempts to authenticate the mobile terminal MT. AP_NEW accomplishes this by comparing the security token it received from the mobile terminal MT in the message (2) with the security token it received from AP_OLD in the message (4). If AP_NEW determines that the security token it received from the mobile terminal MT matches the security token it received from AP_OLD, AP_NEW authenticates the mobile terminal MT, thereby allowing a communications link to be established between the mobile terminal MT and AP_NEW.

Alternatively, AP_OLD may store a timestamp associated with the instant of time it transmitted the message (1) to the mobile terminal MT. By storing this timestamp, AP_OLD can determine how much time elapses between the time it transmitted the security token in the message (1) to the mobile terminal MT and the time it received a security token request in the message (3) from AP_NEW. If AP_OLD determines that an excessive amount of time has elapsed, AP_OLD may reject AP_NEW's security token request. In so doing, AP_OLD protects against "replay" attempts, that is, an intruder's attempt to use an old security token when trying to access AP_NEW.

In another alternative to the first exemplary embodiment of the present invention, AP_OLD transmits data to the mobile terminal MT, wherein the mobile terminal MT uses that data to compute a security token, which is then transmitted to AP_NEW in the message (2). AP_OLD also transmits the data to AP_NEW, upon AP_NEW transmitting a security token request message to AP_OLD. AP_NEW then computes the security token and compares it with the security token received from the mobile terminal MT in the message (2). Again, if the security tokens match, AP_NEW authenticates the mobile terminal MT, thereby paving the way for a communications link to be established between the mobile terminal MT and AP_NEW.
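The exchange of FIG. 2 together with the timestamp-based replay check described above, as an added example and not code from the patent: a Python simulation in which AP_OLD issues S/TOKEN over the radio, AP_NEW receives it in message (2), fetches the reference copy over the fixed network with messages (3) and (4), and admits the mobile terminal only when the two copies match. The five-second freshness window, the mobile identity code "MT-0001", the class and function names and the simulated clock are all constructed for the example; the patent fixes none of them.

```python
import hmac
import secrets

# Assumed freshness window. The text only says AP_OLD refuses the request
# after an "excessive" time and leaves the actual bound to the implementer.
TOKEN_MAX_AGE_S = 5.0


class FixedNetwork:
    """The wired side joining the access points. Messages (3) and (4) travel
    here and never over the radio interface."""

    def __init__(self):
        self.aps = {}

    def register(self, ap):
        self.aps[ap.name] = ap

    def token_request(self, old_ap_name, mt_id, now):
        """Message (3): S/TOKEN/R plus the mobile identity code. The reply is
        message (4), or None if AP_OLD refuses."""
        old_ap = self.aps.get(old_ap_name)
        return None if old_ap is None else old_ap.answer_token_request(mt_id, now)


class AccessPoint:
    def __init__(self, name, net):
        self.name = name
        self.net = net
        self.issued = {}        # mt_id -> (S/TOKEN, time message (1) was sent)
        net.register(self)

    def issue_token(self, mt_id, now):
        """AP_OLD, message (1): a fresh unpredictable S/TOKEN for this MT."""
        token = secrets.token_bytes(16)
        self.issued[mt_id] = (token, now)
        return token

    def answer_token_request(self, mt_id, now):
        """AP_OLD, message (4). The stored timestamp bounds the window in which
        the token is honoured; a token answers at most one request."""
        entry = self.issued.pop(mt_id, None)
        if entry is None:
            return None
        token, issued_at = entry
        if now - issued_at > TOKEN_MAX_AGE_S:
            return None                      # stale token: likely a replay
        return token

    def admit(self, mt_id, old_ap_name, presented_token, now):
        """AP_NEW: after message (2), fetch the reference token over the fixed
        network and admit the MT only if the two tokens match."""
        reference = self.net.token_request(old_ap_name, mt_id, now)
        if reference is None:
            return False
        return hmac.compare_digest(reference, presented_token)


def handover(delay_s=0.0, radio_token=None):
    """One handover of a constructed MT from AP_OLD to AP_NEW.
    delay_s: time between message (1) and message (3) as seen by AP_OLD.
    radio_token: what arrives in message (2); None means the genuine token."""
    net = FixedNetwork()
    ap_old = AccessPoint("AP_OLD", net)
    ap_new = AccessPoint("AP_NEW", net)
    mt_id = "MT-0001"                                   # constructed identity code
    t0 = 100.0                                          # simulated clock
    s_token = ap_old.issue_token(mt_id, t0)             # message (1), radio
    presented = s_token if radio_token is None else radio_token   # message (2), radio
    return ap_new.admit(mt_id, "AP_OLD", presented, t0 + delay_s)  # (3) and (4), fixed net


def replay_after_success():
    """An intruder who recorded message (2) replays it once the genuine MT has
    been admitted. AP_OLD has already consumed the token, so AP_NEW refuses."""
    net = FixedNetwork()
    ap_old = AccessPoint("AP_OLD", net)
    ap_new = AccessPoint("AP_NEW", net)
    s_token = ap_old.issue_token("MT-0001", 100.0)
    genuine = ap_new.admit("MT-0001", "AP_OLD", s_token, 100.5)
    replayed = ap_new.admit("MT-0001", "AP_OLD", s_token, 100.6)
    return genuine, replayed


if __name__ == "__main__":
    print("genuine handover admitted:", handover())
    print("guessed token admitted:", handover(radio_token=bytes(16)))
    print("stale token admitted:", handover(delay_s=60.0))
    print("genuine then replay:", replay_after_success())
```

Two points a practitioner would check in this first embodiment. The comparison at AP_NEW uses a constant-time compare, since S/TOKEN is a credential. And consuming the token when AP_OLD answers message (3) means a recorded message (2) cannot be replayed even inside the freshness window; the timestamp alone only closes the window, it does not stop a second use within it. The token still crosses the radio leg in the clear, where any receiver in range can read it; that is the exposure the second embodiment addresses by encrypting it.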

FIG. 3 illustrates a technique to secure communications for a mobile terminal MT during a handover procedure from one access point (e.g., AP_OLD) to a second access point (e.g., AP_NEW), in accordance with a second exemplary embodiment of the present invention. As shown in FIG. 3, the technique associated with this second exemplary embodiment is similar to the technique associated with the first exemplary embodiment, but for the fact that the security token transmitted from AP_OLD to the mobile terminal MT in message (1), and thereafter transmitted from the mobile terminal MT to AP_NEW in message (2), is encrypted, as indicated by the notation ENC_S/TOKEN. Accordingly, AP_NEW must obtain the correct encryption key to decipher the security token. AP_NEW may obtain the encryption key, for example, by accessing a common key database or through transference from AP_OLD. It will be understood that the mobile terminal MT need not maintain that encryption key, as it merely receives the encrypted security token from AP_OLD and then passes it on to AP_NEW. Moreover, it will be understood that in order to further protect communications, the encryption key may periodically change.

Further in accordance with the second exemplary embodiment, AP_NEW then transmits a message (3) containing a security token request to AP_OLD through the fixed network. Assuming the time associated with any timestamp has not elapsed, AP_OLD then transmits a message (4) containing an un-encrypted version of the security token to AP_NEW. Because the message (4) is routed through the fixed network and not over the radio interface, the security token contained therein is not encrypted. AP_NEW can now compare the security token received in message (4) with the security token received in message (2), which it subsequently deciphered. Once again, if AP_NEW determines that the security tokens match, AP_NEW authenticates the mobile terminal MT, thereby allowing a communications link to be established between the mobile terminal MT and AP_NEW.
FIG. 4 illustrates a technique to secure communications for a mobile terminal during a handover procedure from a first access point (e.g., AP_OLD) to a second access point (e.g., AP_NEW), in accordance with yet a third exemplary embodiment of the present invention. In accordance with this third exemplary embodiment, a two-step process is employed, wherein all of the information needed by AP_NEW to authenticate the mobile terminal MT, prior to the establishment of a communications link between AP_NEW and the mobile terminal during handover, is transmitted over the radio interface.

The first step in the two-step technique associated with this third exemplary embodiment, as shown in FIG. 4, involves AP_OLD transmitting a message (1) to the mobile terminal MT before the communications link between the mobile terminal MT and AP_OLD is disconnected as part of the handover procedure. The message (1) contains, among other items, an encrypted security token (i.e., ENC_MT-APO_S/TOKEN), wherein the security token is encrypted using a key that is shared only by the mobile terminal MT and AP_OLD, as indicated by the notation ENC_MT-APO. The message (1) also contains an encrypted timestamp value (i.e., ENC_APO-APN_T/STAMP) and an encrypted hash code (i.e., ENC_APO-APN_S/TOKEN), wherein the hash code is a function of the security token (S/TOKEN) which has been encrypted using a key that is shared only by the two access points, as indicated by the notation ENC_APO-APN.

The second step in the two-step technique associated with the third exemplary embodiment, as shown in FIG. 4, involves the mobile terminal MT processing the contents of the message (1), and thereafter transmitting a message (2) to AP_NEW, wherein processing the contents of the message (1) is primarily handled by software algorithms stored in and executed by the mobile terminal MT. More particularly, processing involves deciphering the encrypted security token using the encryption key that is shared only by the mobile terminal MT and AP_OLD, as stated above, and then re-encrypting the security token using a second encryption key that it shares only with AP_NEW. Accordingly, the message (2) contains, among other items, the re-encrypted security token (i.e., ENC_MT-APN_S/TOKEN). As the mobile terminal MT does not possess the encryption keys to decipher the timestamp value and the hash code contained in the message (1), the mobile terminal MT merely transfers these to the message (2) for use by AP_NEW, as will be discussed in more detail below.

Upon receiving the message (2) from the mobile terminal MT, AP_NEW deciphers each of the items contained therein using the various encryption keys. For instance, AP_NEW deciphers the security token using the encryption key which it shares with the mobile terminal MT. AP_NEW then deciphers the security token from the hash code by applying the encryption key it shares with AP_OLD. AP_NEW can then authenticate the fact that the message (1) and the message (2) originate from a valid source, if the two security tokens match. AP_NEW will also decipher the timestamp value using yet another encryption key that it shares with AP_OLD, and if it is determined therefrom that an excessive amount of time has not elapsed since AP_OLD transmitted the message (1) to the mobile terminal MT, a communications link can be established between the mobile terminal MT and AP_NEW, as part of the handover procedure.

FIG. 5 illustrates an alternative technique, similar to that which is illustrated in FIG. 4. The alternative technique illustrated in FIG. 5 differs from the technique illustrated in FIG. 4 in that the first step in the two-step technique involves the transmission of a message (1) from AP_OLD to the mobile terminal MT, wherein the message (1) contains a plaintext (non-encrypted) timestamp value (i.e., T/STAMP) and a hash code (i.e., ENC_APO-APN_T/STAMP,S/TOKEN), wherein the hash code is a function of the timestamp value (T/STAMP), the security token (S/TOKEN), and an encryption key that is shared only by the two access points, as indicated by the notation ENC_APO-APN. Like the technique illustrated in FIG. 4, the message (1) also contains an encrypted security token (i.e., ENC_MT-APO_S/TOKEN).

The second step of the alternative two-step technique illustrated in FIG. 5, like the technique illustrated in FIG. 4, involves the mobile terminal processing the contents of the message (1), and thereafter transmitting a message (2) to AP_NEW, wherein the processing of the contents of the message (1) involves deciphering the encrypted security token using the encryption key that is shared only by the mobile terminal MT and AP_OLD, and then re-encrypting the security token using a second encryption key that the mobile terminal MT shares only with AP_NEW. The re-encrypted security token (i.e., ENC_MT-APN_S/TOKEN) is then inserted into the message (2) along with the plaintext timestamp value and the hash code. The message (2) is then transmitted to AP_NEW.

After receiving the message (2) from the mobile terminal MT, AP_NEW deciphers the contents of the message (2) using the various encryption keys. For example, AP_NEW deciphers the security token using the encryption key which it shares with the mobile terminal MT. AP_NEW then deciphers the security token and the timestamp value from the hash code by applying the encryption key it shares with AP_OLD. AP_NEW can then authenticate the fact that message (1) and message (2) originated from a valid source, if the two security tokens match and/or the two timestamp values match. If AP_NEW determines, based on the timestamp value, that an excessive amount of time has not elapsed since AP_OLD transmitted the message (1) to the mobile terminal MT, a communications link can be established between the mobile terminal MT and AP_NEW as part of the handover procedure.

The present invention has been described with reference to several exemplary embodiments. However, it will be readily apparent to those skilled in the art that it is possible to embody the invention in specific forms other than those specifically described herein above; furthermore, this may be done without departing from the spirit of the invention. These embodiments are merely illustrative and should not be considered restrictive in any way. The scope of the invention is given by the appended claims, rather than the preceding description, and all variations and equivalents which fall within the range of the claims are intended to be embraced therein.
WHAT IS CLAIMED IS:

1. In a mobile, wireless telecommunications network, a method for achieving secure handover of a mobile terminal from a first access point to a second access point, wherein the first access point and the second access point are physically connected through a fixed network, said method comprising the steps of:

transmitting a security token from the first access point to the mobile terminal over a radio interface;

transmitting the security token from the mobile terminal to the second access point over the radio interface;

transmitting the security token from the first access point to the second access point through the fixed network; and

establishing a communications link between the mobile terminal and the second access point, to achieve secure handover, if the second access point determines that the security token received from the mobile terminal matches the security token received from the first access point.

2. The method of claim 1, wherein the security token is encrypted at the first access point.

3. The method of claim 2 further comprising the step of:

at the second access point, obtaining an encryption key from the first access point to decipher the encrypted security token.

4. The method of claim 2 further comprising the step of:

at the second access point, obtaining an encryption key from a common key database to decipher the encrypted security token.
5. The method of claim 1 further comprising the steps of:

transmitting a mobile terminal identification code, along with the security token, from the mobile terminal to the second access point; and

transmitting a security token request and the mobile terminal identification code from the second access point to the first access point, through the fixed network.

6. In a mobile, wireless telecommunications network, a method for achieving secure handover of a mobile terminal from a first access point to a second access point, said method comprising the steps of:

transmitting a first message from the first access point to the mobile terminal over a radio interface, wherein the first message contains an encrypted security token and a hash code;

in the mobile terminal, deciphering the encrypted security token using an encryption key shared by the mobile terminal and the first access point;

in the mobile terminal, re-encrypting the security token using an encryption key that is shared by the mobile terminal and the second access point;

transmitting a second message from the mobile terminal to the second access point, wherein the second message contains the re-encrypted security token and the hash code;

deciphering the re-encrypted security token at the second access point using the encryption key shared by the mobile terminal and the second access point; and

establishing a communications link between the mobile terminal and the second access point, to achieve secure handover, if the second access point authenticates the mobile terminal based on the deciphered security token and the hash code.
7. The method of claim 6, wherein the hash code is a function of the security token and an encryption key that is shared by the first access point and the second access point.

8. The method of claim 7 further comprising the steps of:

deciphering the security token at the second access point by applying the encryption key shared by the first access point and the second access point to the hash code;

comparing the security token deciphered using the encryption key shared by the mobile terminal and the second access point with the security token deciphered using the encryption key shared by the first access point and the second access point; and

authenticating the mobile terminal if the second access point determines that there is a match between the security token deciphered using the encryption key shared by the mobile terminal and the second access point and the security token deciphered using the encryption key shared by the first access point and the second access point.

9. The method of claim 7, wherein the hash code is also a function of a timestamp value.

10. The method of claim 6, wherein the first message and the second message each contain a timestamp value.

11. The method of claim 10 further comprising the step of:

determining, as a function of the timestamp value, whether an excessive period of time elapsed between the time the first message was transmitted from the first access point to the mobile terminal and the time the second message was received by the second access point.
12. The method of claim 11 further comprising the step of:

preventing the establishment of a communications link between the mobile terminal and the second access point, if it is determined that an excessive amount of time has elapsed.

13. The method of claim 11 further comprising the step of:

encrypting the timestamp value using an encryption key that is shared by the first access point and the second access point.

14. In a mobile, wireless telecommunications network, a method for achieving secure handover of a mobile terminal from a first access point to a second access point, wherein the first access point and the second access point are physically connected through a fixed network, said method comprising the steps of:

transmitting a security token from the first access point to the mobile terminal over a radio interface;

transmitting the security token from the mobile terminal to the second access point over the radio interface;

transmitting the security token from the first access point to the second access point through the fixed network; and

establishing a communications link between the mobile terminal and the second access point, to achieve secure handover, if the second access point determines that the security token received from the mobile terminal matches the security token received from the first access point.

15. The method of claim 14, wherein the security token is encrypted at the first access point.
16. The method of claim 15, further comprising the step of:

at the second access point, obtaining an encryption key from the first access point to decipher the encrypted security token.

17. The method of claim 15 further comprising the step of:

at the second access point, obtaining an encryption key from a common key database to decipher the encrypted security token.

18. The method of claim 14 further comprising the steps of:

transmitting a mobile terminal identification code, along with the security token, from the mobile terminal to the second access point; and

transmitting a security token request and the mobile terminal identification code from the second access point to the first access point, through the fixed network.

19. In a mobile, wireless telecommunications network, a method for achieving secure handover of a mobile terminal from a first access point to a second access point, said method comprising the steps of:

transmitting a first message from the first access point to the mobile terminal over a radio interface, wherein the first message contains an encrypted security token and a hash code;

in the mobile terminal, deciphering the encrypted security token using an encryption key shared by the mobile terminal and the first access point;

in the mobile terminal, re-encrypting the security token using an encryption key that is shared by the mobile terminal and the second access point;

transmitting a second message from the mobile terminal to the second access point, wherein the second message contains the re-encrypted security token and the hash code;
deciphering the re-encrypted security token at the second access point using the encryption key shared by the mobile terminal and the second access point; and

establishing a communications link between the mobile terminal and the second access point, to achieve secure handover, if the second access point authenticates the mobile terminal based on the deciphered security token and the hash code.

20. The method of claim 19, wherein the hash code is a function of the security token and an encryption key that is shared by the first access point and the second access point.

21. The method of claim 20 further comprising the steps of:

deciphering the security token at the second access point by applying the encryption key shared by the first access point and the second access point to the hash code;

comparing the security token deciphered using the encryption key shared by the mobile terminal and the second access point with the security token deciphered using the encryption key shared by the first access point and the second access point; and

authenticating the mobile terminal if the second access point determines that there is a match between the security token deciphered using the encryption key shared by the mobile terminal and the second access point and the security token deciphered using the encryption key shared by the first access point and the second access point.

22. The method of claim 20, wherein the hash code is also a function of a timestamp value.

23. The method of claim 19, wherein the first message and the second message each contain a timestamp value.

24. The method of claim 23 further comprising the step of:

determining, as a function of the timestamp value, whether an excessive period of time elapsed between the time the first message was transmitted from the first access point to the mobile terminal and the time the second message was received by the second access point.

25. The method of claim 24 further comprising the step of:

preventing the establishment of a communications link between the mobile terminal and the second access point, if it is determined that an excessive amount of time has elapsed.

26. The method of claim 24 further comprising the step of:

encrypting the timestamp value using an encryption key that is shared by the first access point and the second access point.